From time to time we have clients that want website administration access for various reasons. As simple as it seems, potential instability and compromised security of their website can occur.
Clients may have an external agency wanting to perform work on their website, or they may hire a new member of their team who has had some past experience with Wordpress websites and wants to add new features/plugins to the site and/or implement other changes.
Additions or changes to a websites code or plugins can lead to conflicts or errors and in turn, lead to reduced or compromised security, down time and potential loss of income.
In most cases, it is ‘expected’ that CRU resolves these issues as part of our hosting & support plan services - even though we do not know what additions or changes have been made.
CRU wants clients managing as much of their website as possible. We provide access for clients to update/change their content, add new pages, manage all aspects of orders, manage products and other daily tasks. When it comes to plugins and code, CRU needs have full management of these in order to truly manage our clients websites.
Additions or changes to the website that can be made are listed below. When these changes are made without CRU’s knowledge they can lead to various issues.
Adding plugins - Plugins extend the functionality of Wordpress and Woocommerce providing new features, security options and more. Adding too many plugins can lead to performance issues and also leads to an increase in plugin management - as plugins need to be updated regularly. Premium plugins have a license per website and require regular updates for new features and bug fixes for issues including security patches. Outdated plugins can lead to security breaches and other errors or website breakages. If CRU has no license for a plugin that has been added by a user other than CRU, we cannot update that plugin during our regular updates - and therefore are blocked from performing our updates. Plugins can also conflict with each other leading to broken features and potential security issues - for example, a security plugin added may override another form of security that CRU has set up (either on the server level or other) or other security settings and effectively reduce security altogether.
Adding custom code - Code added to a website can also lead to breakages or security issues. Anything that is coded as a dependant to a wordpress theme will break if the theme is updated. If CRU updates a website and it breaks, we have no way of knowing and why and would need to spend the time to investigate. New code may conflict with exisiting code and lead to downtime or other issues.
Adding other administrators - Adding multiple administrators and not keeping up to date with who that administrator is, how strong their passwords are or whether they still need access to your site is a security issue that can be prevented easily. CRU services keeps track of these users and our own admin team members update passwords every month.
Plugins or code added without CRU’s knowledge can have disastrous effects from as little as features/functionality both front and backend not working, to downtime of a website, loss of income, to hacked website and breach of customer data. In todays world, breach of customers data is occurring more often and customers need to know that their data is safe.
What are the options if I have an agency that we have hired that needs to do work on the website?
If your agency needs to have scripts, tracking pixels or other code added, they can raise a ticket with our team cc’ing a CRU client in the ticket to ensure they have permission to request changes or additions. If there is a plugin to be aded that is not part of our approved list, CRU can investigate the plugin to see if we will add it to our list - see more about plugin requests
here. If it is imperative for the agency to have access to perform a task, CRU can provide access to the staging website which is an exact copy of the live website. In this event, CRU can create backups of either the live site and/or the staging site and check any code or additions before they are pushed to the live website. In this case, CRU would charge for the time to assist in this area and will provide a quote on request.
In the event that a client ignores any of the above and adds (either themselves or a third party) unapproved plugins and code to their website, CRU will no longer perform plugin and other website updates and the client waves any responsibility that CRU has over their website management or in the event that there is a security breach, downtime or loss of income. In the event that any of these issues occur, CRU will charge our emergency rate for investigation and resolution of the issue. To be able to properly resolve any issues we would remove any plugins or code that has not been added by CRU. It may be that CRU cancels hosting subscription with the client and removes CRU Club and other CRU proprietary plugins and provides the client with their website to host elsewhere.
To see our updated terms and conditions regarding administration access and adding unapproved plugins and code please read
here.
Summary
CRU fees cover a vast amount of management for our clients websites. Our fees reflect the amount of work we do to keep our clients websites safe and secure and performing to the best of their ability. We manage the servers, security, support, documentation and vet new features/plugins. Other agencies do not go so far as we do and that can be a reflection of their pricing. CRU migrates websites from other agencies for new clients that want to utilise CRU Club and other features and in all cases, we find many issues on their sites from poor development. We have a standard at CRU and having full management of our client sites, we can ensure that standard is met. We cannot do so if there are changes to a clients website that we are unaware of.